From ae2e1add6976e181d2e335ab42ff004350f3bc08 Mon Sep 17 00:00:00 2001
From: Marcus Weiner
Date: Mon, 2 Sep 2024 12:28:11 +0200
Subject: [PATCH] Fix network config

---
 group_vars/all.yaml | 2 +-
 .../templates/client-bridge.network.j2 | 10 ++++-----
 roles/gateway/templates/dnsmasq.conf.j2 | 12 +++++-----
 roles/gateway/templates/firewall.nft.j2 | 2 +-
 roles/service-ip/templates/bird.conf.j2 | 22 ++++++++++++++++---
 roles/service-ip/templates/service.network.j2 | 4 ++--
 6 files changed, 33 insertions(+), 19 deletions(-)

diff --git a/group_vars/all.yaml b/group_vars/all.yaml
index 5cb62ab..0f16723 100644
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -38,4 +38,4 @@ service_ipv4_address: >-
 loopback_interface: "{{ interfaces | selectattr('name', 'equalto', 'lo') | first }}"
 service_ipv6_address: "{{ gateway_ipv6_address }}"
-domain_ipv6_subnet: "{{ gateway_ipv6_address | ipaddr('net') }}"
+domain_ipv6_subnet: "{{ gateway_ipv6_address | ansible.utils.ipaddr('network/prefix') }}"
diff --git a/roles/gateway/templates/client-bridge.network.j2 b/roles/gateway/templates/client-bridge.network.j2
index 0222153..19d0151 100644
--- a/roles/gateway/templates/client-bridge.network.j2
+++ b/roles/gateway/templates/client-bridge.network.j2
@@ -4,12 +4,10 @@ Name=br0
 [Link]
 RequiredForOnline=no
 
-[Address]
-{%- for addr in client_bridge_interface.ip_addresses %}
-Address={{ addr }}
-{%- endfor %}
-
 [Network]
+{% for addr in client_bridge_interface.ip_addresses %}
+Address={{ addr.address }}
+{% endfor %}
 DHCPServer=yes
 
 [DHCPServer]
@@ -17,4 +15,4 @@ PoolOffset=10
 PoolSize=64000
 EmitDNS=yes
 ServerAddress=10.12.255.254/16
-DNS={{ service_ipv4_address | ipaddr('address') }}
+DNS={{ service_ipv4_address | ansible.utils.ipaddr('address') }}
diff --git a/roles/gateway/templates/dnsmasq.conf.j2 b/roles/gateway/templates/dnsmasq.conf.j2
index afe34e4..215ed91 100644
--- a/roles/gateway/templates/dnsmasq.conf.j2
+++ b/roles/gateway/templates/dnsmasq.conf.j2
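Review bot: The switch from `ipaddr('net')` to `ansible.utils.ipaddr('network/prefix')` on `domain_ipv6_subnet` is not explained, and the two queries are not equivalent: as far as I recall, 'net' yields nothing for a host address that carries a prefix length, which is presumably why the subnet rendered empty before. A one-line comment above the new line would keep the next maintainer from reverting it, e.g. `# 'network/prefix' derives the subnet from a host address; 'net' only accepts an address whose host bits are zero`. It is also worth stating what `gateway_ipv6_address` must contain, since a bare address without a prefix would presumably collapse to a single-address /128 here rather than the domain's subnet.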
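Review bot: `ServerAddress=10.12.255.254/16` stays hard-coded two lines above the changed `DNS=` line, while the bridge's own addresses are now rendered from `client_bridge_interface.ip_addresses` in the hunk above; as far as I recall networkd expects ServerAddress to be one of the interface's static addresses, so the two can silently drift apart when the inventory changes. Consider deriving it from the same variable, or at least record the coupling with `# must match one of the Address= entries rendered from client_bridge_interface.ip_addresses` above it. The `DNS=` value itself now correctly strips the prefix length, which is what the DHCP option needs.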
@@ -1,16 +1,16 @@
 interface=br0
 except-interface=lo
-listen-address={{ gateway_ipv4_address | ipaddr('address') }}
-listen-address={{ gateway_ipv6_address | ipaddr('address') }}
+listen-address={{ gateway_ipv4_address | ansible.utils.ipaddr('address') }}
+listen-address={{ gateway_ipv6_address | ansible.utils.ipaddr('address') }}
 bind-interfaces
 cache-size=10000
 no-resolv
-server=193.110.81.0@{{ service_ipv4_address | ipaddr('address') }}
-server=185.253.5.0@{{ service_ipv4_address | ipaddr('address') }}
-server=2a0f:fc80::@{{ service_ipv6_address | ipaddr('address') }}
-server=2a0f:fc81::@{{ service_ipv6_address | ipaddr('address') }}
+server=193.110.81.0@{{ service_ipv4_address | ansible.utils.ipaddr('address') }}
+server=185.253.5.0@{{ service_ipv4_address | ansible.utils.ipaddr('address') }}
+server=2a0f:fc80::@{{ service_ipv6_address | ansible.utils.ipaddr('address') }}
+server=2a0f:fc81::@{{ service_ipv6_address | ansible.utils.ipaddr('address') }}
 all-servers
 neg-ttl=5
diff --git a/roles/gateway/templates/firewall.nft.j2 b/roles/gateway/templates/firewall.nft.j2
index 0ac5c86..5c0cf74 100644
--- a/roles/gateway/templates/firewall.nft.j2
+++ b/roles/gateway/templates/firewall.nft.j2
@@ -17,6 +17,6 @@ table inet nat {
 chain postrouting {
 type nat hook postrouting priority 0;
-ip saddr $client_subnet oif eth0 snat to {{ service_ipv4_address | ipaddr('address') }}
+ip saddr $client_subnet oif eth0 snat to {{ service_ipv4_address | ansible.utils.ipaddr('address') }}
 }
 }
diff --git a/roles/service-ip/templates/bird.conf.j2 b/roles/service-ip/templates/bird.conf.j2
index 08dcff6..643eb7d 100644
--- a/roles/service-ip/templates/bird.conf.j2
+++ b/roles/service-ip/templates/bird.conf.j2
@@ -1,4 +1,4 @@
-router id {{ service_ipv4_address }};
+router id {{ service_ipv4_address | ansible.utils.ipaddr('address') }};
 log syslog all;
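Review bot: The rewritten `server=…@{{ service_ipv4_address | ansible.utils.ipaddr('address') }}` lines now render the bare address that dnsmasq's `@<source>` suffix requires, but nothing in the file says why upstream queries are pinned to the service address, nor that `all-servers` makes dnsmasq forward each query to every upstream and accept whichever answers first. A short comment above the server block would record both design decisions for the next reader, e.g. `# upstream queries are sourced from the announced service address so replies return over that route; all-servers races the upstreams and takes the first answer`. The `listen-address` lines would similarly benefit from `# only the gateway addresses; bind-interfaces keeps dnsmasq off any other address on the host`.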
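Review bot: The changed SNAT rule still hard-codes `oif eth0`, while the bird template in this same commit introduces a `wan_interface` variable for the uplink; if that variable is reachable from the gateway role and has the same shape as `loopback_interface` (which group_vars selects by `name`), the rule could use `oif {{ wan_interface.name }}` so the two roles cannot disagree about which interface is the WAN side. If it is not available here, a comment `# eth0 is the uplink; keep in sync with wan_interface in the service-ip role` would at least record the coupling. The enclosing `table inet nat` block starts outside the hunk.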
@@ -36,10 +36,26 @@ filter service {
 reject;
 }
+define local_ipv4 = {{
+ wan_interface.ip_addresses |
+ map(attribute='address') |
+ ansible.utils.ipv4 |
+ first |
+ ansible.utils.ipaddr('address')
+}};
+
+define local_ipv6 = {{
+ wan_interface.ip_addresses |
+ map(attribute='address') |
+ ansible.utils.ipv6 |
+ first |
+ ansible.utils.ipaddr('address')
+}};
+
 {% for router in routers %}
 protocol bgp service_v4_{{ router.name | lower }} from ffddorf {
 description "Service Address Announcement IPv4 to {{ router.name }}";
- local {{ service_ipv4_address }};
+ local local_ipv4;
 neighbor {{ router.bgp_peer_ipv4_address }} as ffddorf_asn;
 ipv4 {
@@ -49,7 +65,7 @@ protocol bgp service_v4_{{ router.name | lower }} from ffddorf {
 protocol bgp service_v6_{{ router.name | lower }} from ffddorf {
 description "Service Address Announcement IPv6 to {{ router.name }}";
- local {{ ansible_default_ipv6.address }};
+ local local_ipv6;
 neighbor {{ router.bgp_peer_ipv6_address }} as ffddorf_asn;
 ipv6 {
diff --git a/roles/service-ip/templates/service.network.j2 b/roles/service-ip/templates/service.network.j2
index fd7b449..6a89cd0 100644
--- a/roles/service-ip/templates/service.network.j2
+++ b/roles/service-ip/templates/service.network.j2
@@ -2,6 +2,6 @@
 Name=lo
 
 [Network]
-{%- for addr in loopback_interface.ip_addresses %}
+{% for addr in loopback_interface.ip_addresses %}
 Address={{ addr }}
-{%- endfor %}
+{% endfor %}
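Review bot: `local_ipv6` takes the first entry of `wan_interface.ip_addresses` that survives `ansible.utils.ipv6`, and that filter does not exclude link-local addresses; if the list can ever contain an fe80:: entry (it would if it came from gathered facts rather than the inventory), the BGP session would be sourced from it, which the old `ansible_default_ipv6.address` form avoided. Either filter such entries out before `first` (the `link-local` query of `ansible.utils.ipaddr` identifies them), or document the assumption above both defines: `# assumes wan_interface.ip_addresses lists only globally routable addresses, as in the inventory`. Separately, `first` on an empty list fails the template with a message that names neither the interface nor the address family; `| mandatory('wan_interface has no IPv4/IPv6 address')` after `first` would make the failure self-explaining. The same applies to `local_ipv4` here and to the `local local_ipv6;` line in the next hunk.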
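Review bot: `Address={{ addr }}` still renders each entry of `loopback_interface.ip_addresses` directly, while the client-bridge template in this same commit switched to `addr.address` and bird.conf reads `map(attribute='address')` from `wan_interface.ip_addresses`; `loopback_interface` is picked out of the same `interfaces` list in group_vars, so if its entries are mappings of the same shape this line writes a dict representation into the network file and networkd will reject the address. Change it to `Address={{ addr.address }}` unless the loopback entries are deliberately plain strings, in which case a comment saying so would stop the next reader from "fixing" it.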